Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

HJT Log -- Think it MAY be EliteBar but...

JSchneider

Posted 18 May 2005 - 06:39 PM

JSchneider

Member

Member

20 posts

I thought this was Elitebar, but the removal instructions don't seem to apply. However, Adaware SE keeps finding a reg key for it. Tried Adaware SE, Microsoft AntiSpyware Beta and Spybot Search and Destroy and the popups just keep coming. Next attempt will be duct tape over a certain portion of the monitor to block the ads.

coachwife6

Posted 07 June 2005 - 03:45 AM

Open task manager -- control >>alt>>delete and stop this process.C:\WINDOWS\system\nbleegud.exe

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). Be sure you're able to view hidden files, and remove the following files in bold (if found):

If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.

After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.

Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".

Once the definitions have been updated:

Reconfigure Ad-Aware for Full Scan as per the following instructions:

Launch the program, and click on the Gear at the top of the start screen.

Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)

Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.

After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.Make sure the following are checked:Downloaded Program FilesTemporary Internet Files andRecycle BinClick OK and Disk Cleanup will delete those files for you.

If you would please, rescan with HijackThis and post a fresh log in this same topic.

JSchneider

Posted 16 June 2005 - 05:39 PM

JSchneider

Member

Topic Starter

Member

20 posts

I tried what you said. Perhaps because time had lapsed from when you answered and when I was able to visit the PC, some of your suggestions seemed not applicable. The PC is very bad with lots of popups.

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). Be sure you're able to view hidden files, and remove the following files in bold (if found):

Advertisements

JSchneider

Posted 17 June 2005 - 10:49 AM

JSchneider

Member

Topic Starter

Member

20 posts

Thanks for your quick response and help. We ran the instructions you gave us, when we rebooted after safe mode, NAV10CE gave use an autoprotect error about WINTASK.EXE (SecurityRisk.Downldr -- http://securityrespo...k.downldr.html)

We immediately went back into safe mode and manually deleted that file. Here's the

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

coachwife6

Posted 17 June 2005 - 03:26 PM

coachwife6

SuperStar

Retired Staff

11,413 posts

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4